I set up a CloudFront distribution to work with a Custom Origin - my client's web server (www.mydomain.com
).
When I load my webpage and check the Network tab of the Chrome web inspector, the assets are shown as coming from the origin server (www.mydomain.com
), and the "Initiator" column shows the CloudFront URL as a redirect. I take that to mean that CloudFront is redirecting the asset request to my origin server, which pretty much defeats the purpose.
When I set up the distribution, I left the TTL at the default value, which I believe means 24 hours.
If I use an S3 bucket as the origin instead of a web server, the assets load directly from CloudFront as expected.
It's a late answer, but if anyone stumble on this, I had the same problem without using any HTTPS redirect.
In CloudFront, my origin was
mysite.com
, when the website is actuallywww.mysite.com
. I updated it in CloudFront, and now it works!If you see your own server domain in the URL for the asset, it means that CloudFront received a redirect response when it went to fetch the asset and is serving that redirect as the cached result. This is definitely not what you want.
I had a similar problem that I solved after seeing one of the answers on this post:
Magento - Amazon Cloudfront CDN and Caching
I was redirecting from domain.com to www.domain.com and CloudFront was caching and returning that redirect. You would probably see the same thing with an http/https redirect.
If you're doing an HTTP -> HTTPS redirect, you have two options: You can either serve the assets to CloudFront as HTTP or make CloudFront request them as HTTPS. To do the latter, you would need to configure your CloudFront origin to "Match Viewer." That means that if the viewer is using HTTPS, CloudFront will also. If the user is using HTTP, CloudFront would request in HTTP, return the HTTPS redirect it received from your server, and the client would then re-issue the request as HTTPS.
In our case, the assets themselves do not need to be protected in-flight. It is only important that they are served from CloudFront as HTTPS so the user's browser is seeing all HTTPS content. So, in our case, it is not necessary to serve the assets to CloudFront as HTTPS. Regardless of how it fetches the content from our server, CloudFront will match the viewer's protocol when it responds.